resourceid entity

[cmaneiro]

including resourceid KeyvaultMassSecretRetrieval

Required items, please complete

Change(s):

• including field resourceid in KeyvaultMassSecretRetrieval for properly entity mapping

Reason for Change(s):

• entity missing

Version Updated:

• Required only for Detections/Analytic Rule templates
• See guidance below

Testing Completed:

• yes

Checked that the validations are passing and have addressed any issues that are present:

• See guidance below

Guidance <- remove section before submitting

---

Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:

Thank you for your contribution to the Microsoft Sentinel Github repo.

Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.

Change(s):

• Updated syntax for XYZ.yaml

Reason for Change(s):

• New schema used for XYZ.yaml
• Resolves ISSUE Add Logstash required version to Readme file #1234

Version updated:

• Yes
• Detections/Analytic Rule templates are required to have the version updated

The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.

Testing Completed:

• Yes/No/Need Help

Note: If updating a detection, you must update the version field.

Before the submission has been made, please look at running the KQL and Yaml Validation Checks locally.
https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally

Checked that the validations are passing and have addressed any issues that are present:

• Yes/No/Need Help

Note: Let us know if you have tried fixing the validation error and need help.

References:

• Guidance for Detection checks
• General contribution guidance
• PR validation troubleshooting

---

[v-prasadboke]

Hello @cmaneiro, you have added the detection to repo. Please create a solution folder with solution name under Solutions folder.
Please refer this Solution. Solutions/Microsoft Exchange Security - Exchange Online
Also add input file and solution metadata which is used to repackage the solution.

If this is a standalone content move the file to standalone detection folder.
Thanks.

[cmaneiro]

Hello @cmaneiro, you have added the detection to repo. Please create a solution folder with solution name under Solutions folder. Please refer this Solution. Solutions/Microsoft Exchange Security - Exchange Online Also add input file and solution metadata which is used to repackage the solution.

If this is a standalone content move the file to standalone detection folder. Thanks.

hi @v-prasadboke,

This is not a new detection, is a modification to an existent one, is for Azure KeyVault

[v-prasadboke]

Hello @cmaneiro, Its a Analytic rule which you have added to the repo. Also this is not a standalone Rule now it has been moved to Solution Azure Key Vault.
You can move you file to this specific folder Solutions/Azure Key Vault/Analytic Rules

[v-prasadboke]

Hello @cmaneiro, We are waiting for your reply.

[cmaneiro]

Hello @cmaneiro, We are waiting for your reply.

Hi,

Can you check now please?

regards

[v-prasadboke]

Thank for the commit @cmaneiro, I'll check it and let you know by tomorrow EOD.